Malware Attack Hits Thousands Of Visitors To Yahoo.com

[PillowSmoke]

Two internet security firms have warned that hundreds of thousands of Yahoo.com visitors may have encountered malware from Yahoo's advertising servers, The Washington Post reports.

In a blog post on Friday, Netherlands-based Fox-IT wrote that it "detected and investigated the infection of clients after they visited yahoo.com." Some advertisements displayed to Yahoo visitors — which are served from ads.yahoo.com – were malicious iframes, hosted on a number of domains, the firm reported.

 

From The Washington Post:

 

Ashkan Soltani, a security researcher and Washington Post contributor, alerted me to the issue. Often, he says, such attacks are "the result of hacking an existing ad network. But there's another possibility, he says. The culprits may have simply submitted the malicious software as ordinary ads, sneaking past Yahoo's system for filtering out malicious submissions.

 

...

 

The fact that the malware targeted flaws in the Java programming environment is an important reminder that the software has become a security menace. When it was created almost two decades ago, the Java programming language was hailed as a way to make Web sites more interactive. But it has been largely superseded for this purpose by technologies like Flash and JavaScript.

 

Mark Loman, a security researcher who developed the Hitman Pro anti-malware software, also confirmed the issue on Twitter:

 

 

The earliest signs of infection were on Dec. 30, but could have been earlier, reports Fox-IT. The firm also updated their original blog post, writing that Yahoo was aware of the problem and "taking steps to fix" it.

We've reached out to Yahoo for comment and will be updating this post if we hear back.

Ranked fourth on the web, Yahoo.com receives 280 million visits and 1.6 billion pageviews per day, according to Alexa estimates.

Source: http://www.businessinsider.com/yahoo-malware-attack-2014-1

 

[ForeseenVisionz]

Yahoo, lol.

[Unhelpful]

Wow. It's a good thing nobody uses Yahoo... Except for my parents... Damnit.

[miyabwah]

people use yahoo.com?

[TicTac]

never gone on yahoo lol

[1823alex]

I thin most people should just know better to NEVER EVER in a million years dare to click an ad...

[T.Vengeance]

I thin most people should just know better to NEVER EVER in a million years dare to click an ad...

But you'd have the chance to win an all expense paid vacation to the Bahamas! Who would want to pass on that?

[1823alex]

But you'd have the chance to win an all expense paid vacation to the Bahamas! Who would want to pass on that?

Good one...

[LogicDeifying]

Wow. It's a good thing nobody uses Yahoo... Except for my parents... Damnit.

Yeah my father uses Yahoo on the PC I use....

[LogicDeifying]

people use yahoo.com?

People who don't know better.

[Dragonzeanse]

Guess I should warn my 50-something mom, then.

[TopWargamer]

I use Yahoo for email, but I think I can say that...

 

encountered malware from Yahoo's advertising servers,

...Adblock has protected me.

 

[Guest]

My dad uses Yahoo messenger... Luckily not the website, and not on a pc, but his phone.

[MegaDave91]

I thin most people should just know better to NEVER EVER in a million years dare to click an ad...

Should, but don't unfortunately.

[EChondo]

...Adblock has protected me.

I know people resent Adblock, but it's literally the first thing I install on my browser no matter what. Of course I leave exceptions such as Linustechtips and I have a seperate browser that has Twitch running in the back at lowest mode for ads if I'm watching the livestream, but this is the main reason why I use Adblock.

[martinrox1568]

I know people resent Adblock, but it's literally the first thing I install on my browser no matter what. Of course I leave exceptions such as Linustechtips and I have a seperate browser that has Twitch running in the back at lowest mode for ads if I'm watching the livestream, but this is the main reason why I use Adblock.

It would be best of both worlds if instead of adblock blocking http requests, it would simply modify the CSS of the webpage's ad to display:none or visibility;:hidden. This way, the ad still loads, so Linus still gets paid, but we don't have to see the ad. Granted, someone will have to come up with a different solution for video ads. . .

[IdeaStormer]

I use Yahoo for email, but I think I can say that...

 

...Adblock has protected me.

 

 

and NoScript and WOT.

 

Why people are still surfing with out these add-ons is beyond me, I guess people want to experience getting viruses and Trojan-ed.

 

For real, anyone who is on this forum should investigate using AdBlock Plus, NoScript, WOT, Ghostery right after reading this, it will save your proverbial rear ends, and unless you think LTT forums will get what ever you lose by not using it and giving them the supposed ad-revenue you are basically putting yourself in front of the metaphorical moving train.

[IdeaStormer]

I know people resent Adblock, but it's literally the first thing I install on my browser no matter what. Of course I leave exceptions such as Linustechtips and I have a seperate browser that has Twitch running in the back at lowest mode for ads if I'm watching the livestream, but this is the main reason why I use Adblock.

 

You should use it everywhere, protect yourself first and if you think they need money send them some cash but don't leave yourself open to an eventual vulnerability.

[MatheusSanzo]

My reaction when I read this, don't know why.

 

[colonel_mortis]

and NoScript and WOT.

 

Why people are still surfing with out these add-ons is beyond me, I guess people want to experience getting viruses and Trojan-ed.

 

For real, anyone who is on this forum should investigate using AdBlock Plus, NoScript, WOT, Ghostery right after reading this, it will save your proverbial rear ends, and unless you think LTT forums will get what ever you lose by not using it and giving them the supposed ad-revenue you are basically putting yourself in front of the metaphorical moving train.

Few reasons. I support website and content creators on the internet, and by installing adblock they will miss out on their well deserved revenue. Also, by blocking scripts, you are blocking a central part of the modern web and will (should) enable scripts on most websites anyway, thereby removing the protection they offer (at least I presume that's how noscript works, I've never used it). Ghostery won't help you with anything like this (if I understand it correctly), and means that ads will then be general rather than personalised, which makes the experience worse for you and less profitable for the people who deserve it.

There is very low risk of getting malware on your computer if you are sensible about the sites you visit, don't click on dodgy ads, and have an antivirus on your computer. To help Linus and all other internet content creators eat and keep up what they're doing.

I'm not trying to start a debate (it already seems to have started but anyway), but that attitude is not good for the future of free internet content.

 

On topic, That's pretty bad, but if it is a java based exploit, modern browsers (I'm aware of this being the case in firefox and I think chrome) require you to manually enable java on a page-by-page basis (or the functionality is coming soon/in beta), so exploits like this will be far less effective and therefore common soon. If IE follows suit.

[IdeaStormer]

Few reasons. I support website and content creators on the internet, and by installing adblock they will miss out on their well deserved revenue. Also, by blocking scripts, you are blocking a central part of the modern web and will (should) enable scripts on most websites anyway, thereby removing the protection they offer (at least I presume that's how noscript works, I've never used it). Ghostery won't help you with anything like this (if I understand it correctly), and means that ads will then be general rather than personalised, which makes the experience worse for you and less profitable for the people who deserve it.

There is very low risk of getting malware on your computer if you are sensible about the sites you visit, don't click on dodgy ads, and have an antivirus on your computer. To help Linus and all other internet content creators eat and keep up what they're doing.

I'm not trying to start a debate (it already seems to have started but anyway), but that attitude is not good for the future of free internet content.

 

On topic, That's pretty bad, but if it is a java based exploit, modern browsers (I'm aware of this being the case in firefox and I think chrome) require you to manually enable java on a page-by-page basis (or the functionality is coming soon/in beta), so exploits like this will be far less effective and therefore common soon. If IE follows suit.

 

You know you can support your content providers by just subscribing and joining their forums, blogs and what not. You don't have to disable Ad-Block, just clicking on their content is good enough, they keep thinking that ad-block is not counting your view of their content, the site still ads your click to view what ever they're hyping minus the ad if you have ad-block enabled, you just don't see the ad, its click based not ad posted count. As for missing content, yes I miss out on those "GREAT" ads for items I will never buy, wow I'm missing out :rolleyes: yes a great loss to my wallet as my money is over flowing in it since I'm not spending it, first world ad-block activated problems. I have to now find a way to spend my money and the lack of ad brain washing is not going to help me, what will I do?

 

Your posts add to the overall picture of click counts so keep posting to support LTT but you can re-enable Ad-Block to keep those rouge ad's from ever ruining your computer.

 

Remember you've been warned so don't complain the day your computer gets infected, just grin and say I support viruses/trojans and identity thieves world wide! Rise your hand for extra credit/effort in you support.

[colonel_mortis]

You know you can support your content providers by just subscribing and joining their forums, blogs and what not. You don't have to disable Ad-Block, just clicking on their content is good enough, they keep thinking that ad-block is not counting your view of their content, the site still ads your click to view what ever they're hyping minus the ad if you have ad-block enabled, you just don't see the ad, its click based not ad posted count. As for missing content, yes I miss out on those "GREAT" ads for items I will never buy, wow I'm missing out :rolleyes: yes a great loss to my wallet as my money is over flowing in it since I'm not spending it, first world ad-block activated problems. I have to now find a way to spend my money and the lack of ad brain washing is not going to help me, what will I do?

 

Your posts add to the overall picture of click counts so keep posting to support LTT but you can re-enable Ad-Block to keep those rouge ad's from ever ruining your computer.

 

Remember you've been warned so don't complain the day your computer gets infected, just grin and say I support viruses/trojans and identity thieves world wide! Rise your hand for extra credit/effort in you support.

If adblock didn't exist, I predict youtubers would make up to 2x the revenue per view because the ad impressions are higher. And as someone who has done a bit of web deving, I can assure you that advertisers like adsense, which power a lot of the ads on the internet, notably the ads around youtube, work on ad impressions rather than just the page being downloaded, and there are no impressions generated by someone using adblock. Plus is devaluates the value of a view if a lot of people don't truly view it (youtube). Also, while you are helping the channel to gain a bit more popularity by liking/subscribing, that doesn't translate into more money directly - that gets videos from the channel to get higher search rankings, which can eventually turn into the channel gaining popularity and therefore money. Joining the forums geneuinely doesn't help because I don't know if you and your ad-free world is aware, but there are no adverts on this forum. In fact, by posting here you are using up server resources and therefore costing them money, although not much, and yes, it will increase the search engine ranking of the site, but generally people won't come here unless they're looking for it, and it won't drive many more viewers to the channel.

 

TLDR: Just because a website gets "clicks" doesn't make it money - on the contrary, with adblock enabled, it loses the owner money.

[HeaT]

People still use yahoo?

[RexinOridle]

AdBlock for the win.

[Tock]

You don't have to disable Ad-Block, just clicking on their content is good enough, they keep thinking that ad-block is not counting your view of their content, the site still ads your click to view what ever they're hyping minus the ad if you have ad-block enabled, you just don't see the ad, its click based not ad posted count.

Wrong. Youtube counts 2 things. The overall views with enabled ads. If you want to learn more about Ad payment you should look at this PDF:

 

http://static.googleusercontent.com/external_content/untrusted_dlcp/www.youtube.com/de//yt/advertise/medias/pdfs/trueview-onesheeter-en.pdf

 

The most interesting point is "Pricing Model". It shows that you only get paid for clicks on your ad, watch your whole ad or atleast 30 seconds of it and more.